RULES AND GUIDELINES
FOR THE USE OF COMPUTERS, NETWORKS,
E-MAIL AND THE INTERNET
Introduction
This document describes the rules and guidelines for the use of computers, networks, email, the Internet and other information systems (“IT resources”) within SCA. The rules
apply to all employees, independent contractors, temporary workers and every other user
of SCA’s information technology resources (“Users”).
The purpose of the document is to protect SCA’s business and the interests of customers,
partners, staff and others.
This policy supersedes all previous policies on the subject and will be supplemented or
amended in the future to address changing business and technical issues.
Basic premises
The basic premises on which these rules and guidelines are based are that IT resources of
SCA are owned by the Company and represent a work tool, which should as such be used
in the service of SCA. Moreover, the company should not suffer damage or unnecessary
costs due to inappropriate use of these work tools.
Individual responsibilities
It is important that all parties concerned have a clear understanding of their individual
responsibilities under this policy. You are expected to know the rules and follow them
strictly.
NON-COMPLIANCE WITH THIS POLICY WILL RESULT IN DISCIPLINARY AND /OR
ADMINISTRATIVE ACTION, INCLUDING, WHERE APPROPRIATE, TERMINATION OF
EMPLOYMENT AND LEGAL ACTION
Private use of IT resources
Accesses to IT resources have been provided to Users to ensure greater work efficiency.
Misuse of these facilities is not permitted. However, reasonable and minimal use of e-mail
and Internet for personal purposes is acceptable provided that:
• the usage takes place either during breaks and/or out of working hours except in
case of emergency;
• whenever it takes place, the usage does not interfere with any direct or indirect
commitments towards or by SCA;
• the usage does not result in substantial costs for SCA
• the usage conforms to specific guidelines set forth in this policy.
Protection and Integrity of SCA´s System
In order to prevent the spread of viruses and unauthorized access, our IT Resources are
protected by security systems, such as antivirus software and firewalls. Consequently it is
very important that each User uphold a high degree of security.
•
All connections and other adjustments to computers or other equipment in the
company´s network, without exception, must have prior approval from the IT
department.
•
The User is responsible for the security of his or hers computer/personal device.
•
The User may not disclose passwords or codes to any person.
•
The User must take all reasonable steps to protect the information technology
resources of SCA from computer viruses, unauthorized access and other attacks on
system integrity and security.
Use of the Internet
• It is strictly prohibited to view, store, download or circulate material which is sexually
explicit or pornographic, or which may otherwise reasonably be considered offensive or
abusive (including but not limited to any materials that could be perceived as offensive
on the grounds of race, sexual orientation, national origin, gender, disability, religious or
political beliefs), or to display any such material on any SCA computer (e.g. as a screen
saver). In addition to being a breach of this policy, downloading material that is obscene
or indecent may lead to criminal prosecution. Any comments made via e-mail regarding
the above areas are similarly prohibited.
•
Access to or participation in Internet discussion groups or chat sites is prohibited unless
solely for business purposes.
•
Internet access from SCA computers is only allowed through SCA controlled and
approved methods.
Use of e-mail and Systems for Electronic Communication
• Messages sent over the Internet and the e-mail system can result in to legal action
against SCA. Claims of defamation, breach of confidentiality or contract could arise from
any misuse or careless use of these facilities. Internet and e-mail messages must be
treated like any other form of formal correspondence, and the content and language
utilised must be consistent with established company policy. Electronic messages sent
by anyone using the mail system or Internet access of SCA may be easily archived by
other parties and made searchable over a long period of time. Messages sent out in the
e-mail may be disclosable in a legal action commenced against SCA where relevant to
the issues in the litigation.
•
All activities conducted using an SCA Internet account (i.e.
firstname.lastname@sca.com) reflect directly on SCA’s image and reputation. Users are
not permitted to conduct activities on any such account, which could embarrass or
damage SCA’s image or reputation.
•
E-mail addresses must not be used in private discussion groups, as receiver for private
advertisements or in any other way that could damage SCA.
•
Company information must not reside on servers outside SCA’s control, therefore e.g.
forwarding of business e-mail to public e-mail services (like HOTMAIL) is prohibited.
•
E-mail messages and attachments classified as “Confidential” or “Strictly Confidential”
must be protected using encryption.
•
Digital signatures (alone or together with the encryption, if necessary) must be used for
those e-mails for which the integrity of the content or the legal responsibility of the
sender is to be ensured.
•
Distribution of chain letters is prohibited.
Intellectual Property and Information Protection
• SCA’s intellectual property rights, confidential information and data as well as the
intellectual property, information and data of its customers and partners are highly
valuable corporate assets. As such they must be protected from deliberate,
unintentional or unauthorized alteration, copying, destruction and inappropriate
disclosure or dissemination and are to be used only in accordance with established
SCA policy, standard and all applicable laws and regulations in countries or states in
which SCA and its affiliates operate.
•
Intellectual property legislation, i. e. copyright and patent, prohibits duplication and
alteration of material without authorization. The User is not permitted to distribute or
download or upload pirated software or any material including but not limited to
music/sound, films, audio visual recordings, texts, databases, images, photographs
and logos without obtaining the necessary permission from the owners of such
works.
Registrating personal information
Registrating personal information in a database may in different legal systems be subject of
specific legislation. Such legislation must always be upheld.
Monitoring of IT resources Use
• The use of IT resources may be monitored without notice or permission for what are in
management’s discretion deemed to be for legitimate business reasons. These include
but are not limited to: monitoring in the normal course of system and network
administration; monitoring for the investigation of suspected conduct or performance
failings, including investigation of suspected disloyal behaviour, conduct contrary to
company policies (including a suspected breach of this policy) or fraud; and monitoring
for the protection of confidential information against possible impermissible
dissemination; and any other situation where in management’s judgment there is reason
to monitor the user’s internet use.
•
E-mail traffic may be monitored for what are deemed legitimate business purposes by
management, in its sole judgment. This includes but is not limited to routine monitoring
of e-mail traffic flow and examination of e-mail for manual routing where the message is
undeliverable because of an incorrect e-mail address.
•
The contents of files and any stored messages may also be reviewed by management
for what it deems to be legitimate business reasons, which include but are not limited to
review of work-related e-mail while the user is unavailable, to ensure that urgent matters
are dealt with; investigation of suspected behaviour or performance shortcomings
including possible breaches of this policy; for detection of fraud or for the protection of
confidential information where inappropriate dissemination is suspected; and any other
circumstance where management deems there are legitimate business reasons to
examine stored messages.
•
SCA may be required to disclose electronically stored information to third parties
pursuant to legal proceedings or if required by authorities.
•
Monitoring and review of the result of monitoring will only be performed by a defined
and limited number of individuals.
Stockholm, June 2004
SVENSKA CELLULOSA AKTIEBOLAGET SCA
Jan Åström
President and CEO